---
layout: docs
page_title: Use Okta for OIDC authentication
description: >-
  Configure Vault to use Okta as an OIDC provider.
---

# Use Okta for OIDC authentication


1. Make sure an Authorization Server has been created. The "Issuer" field shown on the Setting page
   will be used as the `oidc_discovery_url`.
1. Visit Applications > Add Application (Web).
1. Configure Login redirect URIs. Save.
1. Save client ID and secret.

Note your policy will need `oidc_scopes` to include `profile` to get a full profile
("[Fat Token](https://support.okta.com/help/s/article/Okta-Groups-or-Attribute-Missing-from-Id-Token)").
You will also need to configure bound audience along the lines of
`"bound_audiences": ["api://default", "0a4........."]` if you are using the default
authorization server.
